Question 1

According to NIST SP 800-18,Rev.1,whichindividual is responsible for the creation,revision,distribution,and storage of the policy?

Accepted Answer

A)   policy developer
B)   policy reviewer
C)   policy enforcer
D)   policy administratorE) A) and B)
F) A) and C)

Question 2

Which section of an ISSP should outline a specific methodology for the review and modification of the ISSP?

Accepted Answer

A)   Policy Review and Modification
B)   Limitations of Liability
C)   Systems Management
D)   Statement of PurposeE) C) and D)
F) A) and B)

Question 3

An organizational policy that provides detailed,targetedguidance to instruct all members of the organization in the use of a resource,such as one of itsprocesses or technologies.

Accepted Answer

A)  capability table
B)  statement of purpose
C)  Bull's eye model
D)  SysSP
E)  proceduresF) InfoSec policyG) standardH) access control listsI) systems managementJ) ISSPK) D) and H)
L) C) and J)

Question 4

Which of the following is NOT among the three types of InfoSec policies based on NIST's Special Publication 800-14?

Accepted Answer

A)   Enterprise information security policy
B)   User-specific security policies
C)   Issue-specific security policies
D)   System-specific security policiesE) A) and B)
F) B) and C)

Question 5

A(n)____________________,which is usually presented on a screen to the user during software installation,spells out fair and responsible use of the software being installed.

Accepted Answer

end-user license agr...

Question 6

A detailed outline of the scope of the policy development project is created during which phase of the SecSDLC?

Accepted Answer

A)   design
B)   analysis
C)   implementation
D)   investigationE) None of the above
F) A) and B)

Question 7

A section of policy that should specify users' and systems administrators' responsibilities.

Accepted Answer

A)  capability table
B)  statement of purpose
C)  Bull's eye model
D)  SysSP
E)  proceduresF) InfoSec policyG) standardH) access control listsI) systems managementJ) ISSPK) D) and H)
L) A) and H)

Question 8

List the major components of the ISSP.

Accepted Answer

Statement of Purpose Authorize...

Question 9

The three types of information security policies include the enterprise information security policy,the issue-specific security policy,and the ____________________ security policy.

Accepted Answer

system-spe...

Question 10

The 'Authorized Uses' section of an ISSP specifies what the identified technology cannot be used for.

Accepted Answer

A) True 
 B)False

Question 11

What is a SysSP and what is one likely to include?

Accepted Answer

SysSPs often function as standards or pr...

Question 12

What are configuration rules?Provide examples.

Accepted Answer

Configuration rules are instructional co...

Question 13

Technology is the essential foundation of an effective information security program​._____________

Accepted Answer

A) True 
 B)False

Question 14

Examples of actions that illustrate compliance with policies are known as laws.

Accepted Answer

A) True 
 B)False

Question 15

In the bull's-eye model,the ____________________ layer is the place where threats from public networks meet the organization's networking infrastructure.

Accepted Answer

The answer of In the bull's-eye model,the ____________________ layer is...

Question 16

What is the final component of the design and implementation of effective policies?Describe this component.

Accepted Answer

The final component of the design and im...

Exam 4: Information Security Policy

What is a SysSP and what is one likely to include?

Correct Answer
verified
SysSPs often function as standards or pr...
View Answer

Which of the following is NOT among the three types of InfoSec policies based on NIST's Special Publication 800-14?

Correct Answer
verified

The 'Authorized Uses' section of an ISSP specifies what the identified technology cannot be used for.

Correct Answer
verified

Which section of an ISSP should outline a specific methodology for the review and modification of the ISSP?

Correct Answer
verified

Technology is the essential foundation of an effective information security program._____________

Correct Answer
verified

What are configuration rules?Provide examples.

Correct Answer
verified
Configuration rules are instructional co...
View Answer

What is the final component of the design and implementation of effective policies?Describe this component.

Correct Answer
verified
The final component of the design and im...
View Answer

The three types of information security policies include the enterprise information security policy,the issue-specific security policy,and the ____________________ security policy.

Correct Answer
verified
system-spe...
View Answer

List the major components of the ISSP.

Correct Answer
verified
Statement of Purpose Authorize...
View Answer

Examples of actions that illustrate compliance with policies are known as laws.

Correct Answer
verified

A section of policy that should specify users' and systems administrators' responsibilities.

Correct Answer
verified

An organizational policy that provides detailed,targetedguidance to instruct all members of the organization in the use of a resource,such as one of itsprocesses or technologies.

Correct Answer
verified

A detailed outline of the scope of the policy development project is created during which phase of the SecSDLC?

Correct Answer
verified

According to NIST SP 800-18,Rev.1,whichindividual is responsible for the creation,revision,distribution,and storage of the policy?

Correct Answer
verified

A(n)____________________,which is usually presented on a screen to the user during software installation,spells out fair and responsible use of the software being installed.

Correct Answer
verified
end-user license agr...
View Answer

In the bull's-eye model,the ____________________ layer is the place where threats from public networks meet the organization's networking infrastructure.

Correct Answer
verified

Exam 4: Information Security Policy

What is a SysSP and what is one likely to include?

Correct AnswerverifiedSysSPs often function as standards or pr...View AnswerShow Answer

Which of the following is NOT among the three types of InfoSec policies based on NIST's Special Publication 800-14?

Correct AnswerverifiedShow Answer

The 'Authorized Uses' section of an ISSP specifies what the identified technology cannot be used for.

Correct AnswerverifiedShow Answer

Which section of an ISSP should outline a specific methodology for the review and modification of the ISSP?

Correct AnswerverifiedShow Answer

Technology is the essential foundation of an effective information security program​._____________

Correct AnswerverifiedShow Answer

What are configuration rules?Provide examples.

Correct AnswerverifiedConfiguration rules are instructional co...View AnswerShow Answer

What is the final component of the design and implementation of effective policies?Describe this component.

Correct AnswerverifiedThe final component of the design and im...View AnswerShow Answer

The three types of information security policies include the enterprise information security policy,the issue-specific security policy,and the ____________________ security policy.

Correct Answerverifiedsystem-spe...View AnswerShow Answer

List the major components of the ISSP.

Correct AnswerverifiedStatement of Purpose Authorize...View AnswerShow Answer

Examples of actions that illustrate compliance with policies are known as laws.

Correct AnswerverifiedShow Answer

A section of policy that should specify users' and systems administrators' responsibilities.

Correct AnswerverifiedShow Answer

An organizational policy that provides detailed,targetedguidance to instruct all members of the organization in the use of a resource,such as one of itsprocesses or technologies.

Correct AnswerverifiedShow Answer

A detailed outline of the scope of the policy development project is created during which phase of the SecSDLC?

Correct AnswerverifiedShow Answer

According to NIST SP 800-18,Rev.1,whichindividual is responsible for the creation,revision,distribution,and storage of the policy?

Correct AnswerverifiedShow Answer

A(n)____________________,which is usually presented on a screen to the user during software installation,spells out fair and responsible use of the software being installed.

Correct Answerverifiedend-user license agr...View AnswerShow Answer

In the bull's-eye model,the ____________________ layer is the place where threats from public networks meet the organization's networking infrastructure.

Correct AnswerverifiedShow Answer

Correct Answer
verified
SysSPs often function as standards or pr...
View Answer

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Technology is the essential foundation of an effective information security program._____________

Correct Answer
verified

Correct Answer
verified
Configuration rules are instructional co...
View Answer

Correct Answer
verified
The final component of the design and im...
View Answer

Correct Answer
verified
system-spe...
View Answer

Correct Answer
verified
Statement of Purpose Authorize...
View Answer

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified
end-user license agr...
View Answer

Correct Answer
verified